I just started my NOC position last week and Ill have my BS in I.T and M.S. in Info Assurance within 18 months. So I was thinking I would stay at this job till then and after I get my graduated degree, start applying for Info Assurance jobs? From what I read in forums and on the web, most likely 2 years of IT experience wont get me an info assurance job. So maybe try and get a linux admin position then IA?

- I troubleshoot vpn and SIP connections- use linux to update systems, edit files, add drivers, run scripts to fix other things-sub-contract jobs that we cant do remotely-more and more technical support as well

Here are my thoughts, as someone in Information Assurance you will be focusing on protecting the data within your network. The best way to do that will be to know a bit about all aspects of the network. This really only comes with experience. I personally have worked roughly 10+ years doing everthing from managing a large public school network, learning alot as I went but ultiamately worked with everything from configuring switches, firewalls, server builds, desktop deployment, AV deployment/management and enterprise applications like Exchange, including migrations. So I worked the trenches.

Later I took a postion as a consultant for about 5 years. Same sort of tasks involved but I then moved into working more with Macs, getting a bit more involved with cross-training on platforms and eventually took an interest in concentrating on security. I began doing more detailed vulnerability assessments which are fun to do. Run your automated scans, check to see if they are false positives and determine remediation steps if they are not. Sadly I had to leave the job due to some conflicts with management but it was time to leave anyway.

Since then I took a few jobs and I am now in my 2nd position as a Security consultant. So gain as much knowledge as you can. The more you know about the networks you need to protect, the better!

So pretty much..I have a long ways to go! haha Thanks for the advice. Here's another question. I'm currently doing a decent amount of linux and networking at my current job and I've been debating to either go towards the networking route or linux admin route after this position?

Why not both? I have found with Windows, that you can only do so much before it becomes a repetitive task. I imagine Linux will be a similar task at some point. I've never had the pleasure to administer a linux environment, but like most admin jobs, it will become the same old thing. No matter your platform, networking is the base for all things LAN/WAN. So it is always helpful to have a good understanding of where your data is heading and how it gets there. Granted in a larger environment, most network engineers will seldom work on the server level and vice versa. I think an IT Generalist can certainly move deeper in the Security realm a bit easier than someone who has chosen a set specialization and has not diverted from it much.

Have you considered consulting? I spent most of my early career years in consulting and due to the variety of environments I got to set foot in, I was exposed to a plethora of technologies. I was able to get loads of hands on experience with routers, switches, firewalls, servers, and workstations. It is a pain traveling and you basically have no life apart from computers but I can't really think of a better way to learn about different things.

In all honesty, it's very challenging and time consuming work. You're under the gun and doing a lot of juggling and you have a lot of things to keep straight. The benefit as I saw it (8 or so years of it), is that I basically got a new job every 3-6 months and was thrown into an environment where I had minimal knowledge and had to learn everything about its configuration and then secure it. It's hard and time consuming, but when you get to touch everything it's worth it and you'll gain tons of experience. The flipside, as mentioned, is having no life outside of work. Now, if you're cool with that ...

What was a normal day for you as a consultant? I'm a little confused on what they actually do? ...one more question haha.. I know you said that that you used to do consulting, do you currently work in security?

Thanks for the description impelse. I'll probably add that to my job search, once I get a full year of experience under my belt. Can people transition well into a security role, coming from consulting?

It all depends on what consulting role you come from. The advantage you might get, from consulting, is that you get a much more rounded view of what different shops use, how their response measures are setup, and just get broader views of IT security, in general.

So yes, you can transition from consulting to an IT security position, if you plan your path properly.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'